{"api_version":"1","generated_at":"2026-04-23T04:10:56+00:00","cve":"CVE-2022-38469","urls":{"html":"https://cve.report/CVE-2022-38469","api":"https://cve.report/api/cve/CVE-2022-38469.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-38469","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-38469"},"summary":{"title":"CVE-2022-38469","description":"An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2023-01-18 00:15:00","updated_at":"2023-11-07 03:50:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01","name":"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01","name":"https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01","refsource":"MISC","tags":[],"title":"GE Digital Proficy Historian | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-38469","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38469","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"38469","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"proficy_historian","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-38469","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-261 Weak Encoding for Password","cweId":"CWE-261"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"GE Digital ","product":{"product_data":[{"product_name":"Proficy Historian","version":{"version_data":[{"version_value":"7.0","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01","refsource":"MISC","name":"https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"},{"url":"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01","refsource":"MISC","name":"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"EXTERNAL"},"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\nGE Digital released <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\">Proficy Historian 2023</a>&nbsp;<span style=\"background-color: var(--wht);\">to mitigate these vulnerabilities. &nbsp;SIMs have also been released for all affected versions.</span><p>Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\">this notification document from GE Digital</a><span style=\"background-color: var(--wht);\">.&nbsp;&nbsp;</span></p>"}],"value":"GE Digital released  Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian  to mitigate these vulnerabilities.  SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting  this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .  \n\n"}],"credits":[{"lang":"en","value":"Uri Katz of Claroty Research reported these vulnerabilities to GE. "}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-01-18 00:15:00","lastModifiedDate":"2023-11-07 03:50:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:proficy_historian:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"2023","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}